3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Cyber Team Indonesia

Cyber Team Indonesia

ID: f52c21e28be1cb613b5f5ea926a12aec12625
Hacktivist Group DDoS Crew Hacktivism
Threat types: Hacktivism, DDoS Attack, pro-Russia, pro-Palestine
Indonesia
Updated: 2026-04-12
Created: 2026-02-09
Progress: 83% Completeness: 75% Freshness: 100%
Operation zone:
Aliases Limited alias preview
CYBER_TEAM_INDONESIA CyberTeamIndonesia In******************* In*****************
Showing 2 of 4 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Cyber Team Indonesia is an Indonesia-linked hacktivist collective/brand associated in OSINT with coalition-driven DDoS/defacement activity and leak/claim amplification via Telegram, including reported alliances with other hacktivist groups.


Technique Technique name Tactics Evidence
T1498 Network Denial of Service TA0040
  • 2024-12-16 — INFERENCE (confidence: medium): Actor is positioned in hacktivist alliance ecosystems commonly associated with DDoS impact operations; treat as a likely primary impact technique for the brand. · ref
T1491.001 Internal Defacement TA0040
  • 2025-02-06 — INFERENCE (confidence: medium): Public reporting frames the actor as a hacktivist group with capabilities beyond defacement, implying defacement is within its operating envelope. · ref
T1589 Gather Victim Identity Information TA0043
  • 2025-05-01 — INFERENCE (confidence: medium): Hacktivist campaigns are organized around target lists and narrative hashtags; victim-identity collection is a common precursor for naming targets in claims. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2024-06-14 — INFERENCE (confidence: medium): Hacktivist groups targeting web properties typically rely on exploitation of public-facing applications and misconfigurations to achieve defacement/data exposure; confirm with victim telemetry before firm attribution. · ref
T1110 Brute Force TA0006
  • 2025-05-01 — INFERENCE (confidence: low): Credential attacks are commonly discussed/observed in hacktivist Telegram ecosystems; may be used opportunistically against exposed admin surfaces. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-02-17T22:01:33+00:00

Cyber Team Indonesia — Indonesian hacktivist collective with alliance-driven operations

Classification: TLP:WHITE - Open Source Intelligence (OSINT)

Category: Hacktivism / Hybrid influence operations - Origin: Indonesia (assessed)

Author: iQBlack CTI Team



Executive Summary

Cyber Team Indonesia is an Indonesia-linked hacktivist collective that appears primarily oriented toward politically framed disruption and “data leak” publicity. Public reporting across 2024–2025 repeatedly places the group (and the “Database Leaks Cyber Team Indonesia” label) within Telegram-coordinated hacktivist ecosystems, where activity is measured by public claims, campaign hashtags, and alliance announcements.


The group is best modeled as a loose brand and coordination layer rather than a single, tightly controlled operator: alliances with other hacktivist entities and participation in multi-group campaign framing are recurring signals. In October 2024, public reporting documents a strategic alliance link between Cyber Team Indonesia and NoName057(16), a prominent pro-Russian DDoS actor, suggesting cross-regional coordination rather than purely local activism.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Cyber Team Indonesia

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Cyber Team Indonesia


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Empty Limited preview
No content yet.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-17T22:05:28+00:00

OSINT Library — Cyber Team Indonesia

Classification: TLP:WHITE - Open Source Intelligence (OSINT)

Curated references used to support the Cyber Team Indonesia full dataset. Items are selected for traceability and utility (alliances, targeting context, coordination platforms, and activity rollups). URLs include UTM tags for attribution tracking.

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/4
Address Verification SOCMINT
m.facebook.com/Ind********************************** Restricted Not integrated
Address Verification SOCMINT
t.me/CYB***************** Restricted Not integrated
t.me/Ind**************** Restricted Not integrated
t.me/+-S************** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–2 of 2 images
Alliance with Nation Of Saviors Free Preview
Alliance with Nation Of Saviors
Image used in social media account Free Preview
Image used in social media account